Microsoft issues patch for potential 'worm hole'

Robert Vamosi CNET News

Published: 24 Oct 2008 16:22 BST

On Thursday, Microsoft issued a rare, out-of-cycle patch for a vulnerability in the Windows Server service, which handles remote procedure calls, a mechanism that allows programmers to run code either locally or remotely.

In issuing MS08-067, Microsoft warned: "It is possible that this vulnerability could be used in the crafting of a wormable exploit." The bulletin is entitled 'Vulnerability in Server Service Could Allow Remote Code Execution (958644)', and the specific vulnerability has been assigned a National Vulnerability Database designation of CVE-2008-4250.

Microsoft rates this patch as critical for Microsoft Windows 2000, Windows XP and Windows Server 2003, and important for Windows Vista and Windows Server 2008. It also affects versions of Windows 7 pre-beta in limited release. The patch replaces MS06-040.

Microsoft normally issues patches on the second Tuesday of each month, which has been dubbed Patch Tuesday. But out-of-cycle patches are not without precedent. Recent examples include the Windows Animated Cursor Remote Code Execution Vulnerability (April 2007), a vulnerability in Vector Markup Language (September 2006) and a vulnerability in the Graphics Rendering Engine (January 2006).

Microsoft said there have been only limited and targeted attacks to date.

The company added that a firewall should protect network resources from attacks originating outside the enterprise perimeter.

The patch is available via Microsoft Update or the individual bulletin for MS08-067.
